This is a static archive of our old Q&A Site. Please post any new questions and answers at

Protocol analyzer for validating custom network protocol


I have a server and a client that are sending binary data inside custom structured TCP/UDP packets (a pretty standard scenario I'm sure). In order to validate the data, I would like to use Wireshark to check that the packet structure and contents are correct, but want to avoid the current necessity of (for example) finding the 16-19th bytes in packetX and converting that 32 bit float to a decimal, or scrolling down to the 2314th byte in packetY to see if that byte is 03 or 04 is what's causing the bug... etc etc.

I know wireshark has built-in decoders for a huge variety of common protocols (e.g. HTTP), but what is the best way forward for analyzing custom byte packets (incl variable length)? The packets I am looking at all have a header with a magic start, length, name, and a magic end.

An Lua dissector looks like the right tool, but before I jump into it, I want to see what others might recommend or suggest?

/edit: Real-time is preferred. I am not looking to capture and analyze later, so if I am using Wireshark, I want to see the dissected packets as they come in, and even filter by packet names I have pre-defined in my Lua (if this is possible?)

asked 19 Nov '14, 18:31

Fidelius's gravatar image

accept rate: 0%

edited 19 Nov '14, 18:37

One Answer:


A Lua dissector is one option. Please see the docs and samples to get started.

Another option is the Wireshark gerneric dissector (third party add-on).


answered 20 Nov '14, 01:33

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%


Shameless plug, see my presentation and other materials from Sharkfest'13 about writing a dissector that covers a basic dissector using WSGD, Lua and C.

(20 Nov '14, 02:20) grahamb ♦


no need to be "ashamed" ;-)

(20 Nov '14, 02:52) Kurt Knochner ♦

I'm not, hence the "shameless" :-)

(20 Nov '14, 02:56) grahamb ♦

Thanks Kurt. I started using WSGD but decided the build-in support that Wireshark has for Lua is preferred to a third party dll which might stop development at any stage. And grahamb, that link is dead but I found your zip at Very useful thank you!

(25 Nov '14, 17:03) Fidelius